The oil and gas industry is the target of as much as one-half of all cyberattacks in the Middle East. Given its importance for the region’s economies, the risks faced by the industry are all the more pressing, notes a report

Three out of four organisations in the oil and natural gas industry in the Middle East have experienced a security compromise in the past 12 months that resulted in the loss of confidential data or operational technology (OT) disruption. This is according to one of the most salient findings of a recent study by Siemens and the Ponemon Institute, writes Tomas Foltyn, security writer at ESET.

Such cyber-compromises are a common occurrence for 11 per cent of organisations that suffered more than 10 breaches in the preceding 12 months. This is against the backdrop of another finding in the report – organisations believe that roughly one in every two cyberattacks against the OT environment actually goes undetected.

The study, called "Assessing the Cyber Readiness of the Middle East’s Oil and Gas Sector", provides a glimpse into the security posture of the region’s oil and gas companies. It is based on a survey of 176 executives who are responsible for securing or overseeing cyber-risk in their organisations.

The oil and gas industry is the target of as much as one-half of all cyberattacks in the Middle East. Given its importance for the region’s economies, the risks faced by the industry are all the more pressing, notes the report.

IT MEETS OT

The study comes as OT, which encompasses systems that monitor and control physical devices and industrial processes, is increasingly interconnected with IT networks. For all its benefits, however, this IT/OT convergence is opening up new avenues for attacks.

The attendant risks aren’t lost on the survey’s respondents. Most of them (60 per cent) hold that their organisations face greater risks in the OT than in the IT environment. As much as 30 per cent of the region’s attacks target OT, according to the study.

However, insiders were actually found to be the primary source of threat for OT security. This particularly applies to negligent or careless insiders, rather than those acting out of malice. The report notes that, due to the prevalence of insider threat risk, "traditional strategies of air-gapping networks are not an adequate security measure".

The study acknowledged that organisations have begun to adopt crucial measures in order to ward off increasingly pervasive attacks. This includes establishing dedicated OT security teams, partnerships with OT security experts, leveraging security analytics, and introducing cutting-edge monitoring tools.

Having said that, budgets for OT cyber-defenses "have not kept up with the threat", reads the study. Oil and gas organisations in the Middle East were found to spend only one-third of their cybersecurity budgets on hardening their OT environments. Their total cybersecurity budgets, comprising both IT and OT, were lower than those of their global counterparts.

The financial fallout from attacks at the oil and gas sector in the Arabian Gulf was calculated at €1 billion last year alone, reads the report.

The region’s oil and gas industry has been in the attackers’ crosshairs for quite a while now. In 2012, Saudi Aramco, the world’s largest oil company, suffered a major disruption after a virus infected 35,000 of its computers.

In August 2017, attackers used OT-specific malware called Trisis, or Triton, to take out the safety system of an unnamed oil and gas plant in Saudi Arabia, resulting in the halting of the facility’s operations.

Oil & Gas News (OGN) is the only energy journal covering the Middle East, Asia/Pacific Rim as well as the global markets combining more than three decades of international publishing experience with an ability to provide a unique insight into this major industry.
Besides offering authoritative information, business intelligence and quality analyses to professionals and organisations with a serious interest in exploration, refining, production and distribution, all aspects of the energy supply chain are covered by the magazine across all related sectors including the power sector.